HIi @ITWhisperer
index=foo sourcetype=json_foo source="az-foo"
|rename tags.envi as env
|search env="*A00001*" OR env="*A00002*" OR env="*A00005*" OR env="*A00020*"
|table env
from the fields i am using:
env="*A00001*" as "PBC"
env="*A00002*" as "PBC"
env="*A00005*" as "KCG
env="*A00020*" as "TTK"
reference:
From this SPL, i am trying to create a table like
------------------------------------------------------
PBC | KCG | TTK
-------------------------------------------------------
all values all values all values
count count count
1 Solution
